TY - CONF
T1 - The Deployment of a Darknet on an Organization-Wide Network: An Empirical Analysis
Y1 - 2008
A1 - Berthier,R.
A1 - Michel Cukier
KW - attack traffic
KW - backscatter
KW - darknet sensors
KW - external source IP address
KW - malicious traffic
KW - organization network
KW - organization-wide network
KW - TCP scan
KW - telecommunication congestion control
KW - transmission control protocol
KW - Transport protocols
AB - Darknet sensors have the interesting property of collecting only suspicious traffic, including misconfiguration, backscatter and malicious traffic. The type of traffic collected highly depends on two parameters: the size and the location of the darknet sensor. The goals of this paper are to study empirically the relationship between these two parameters and to try to increase the volume of attackers detected by a given darknet sensor. Our empirical results reveal that on average, on a daily basis, 485 distinct external source IP addresses perform a TCP scan on one of the two /16 networks of our organization's network. Moreover, a given darknet sensor of 77 IP addresses deployed in the same /16 network collects on average attack traffic from 26% of these attackers.
M3 - 10.1109/HASE.2008.54
ER -